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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after t he mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I) 13 Responsive to communication(s) filed on 19 April 2007 . 

2a)E3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 21 3. 

Disposition of Claims 

4) ^ Claim(s) 1-19 is/are pending in the application. . 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-19 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

1 0)D The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

II) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 > □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 
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DETAILED ACTION 
Response to Arguments 

Applicant's arguments filed 4/19/07 have been fully considered but they are not persuasive. 
Applicant argues the following: 

a) Alsberg is not directed to monitoring processors to find any faults that may be present. 

b) Examiner does not identify what the examiner considers to be the diagnostic data in Alsberg. 

c) Alsberg does not teach suppressing the capture of diagnostic data. 

In response to a), examiner respectfully disagrees. Alsberg's invention includes a detection means which 
further includes a means for generating an alarm in the event that certain potentially sensitive events 
occur and means for interrogating events generated and stored in the detection means. Examiner 
believes that this is analogous to finding faults that may be present. 

In response to b), examiner would like to clarify what is interpreted as diagnostic data in the Alsberg 
reference. Alsberg teaches a security server that provides a command filter means for monitoring 
information between the computers 18 and terminals 16. The communication between computers 18 and 
terminals 16 is being interpreted by examiner as the capture of diagnostic data. 
In response to c), examiner also respectfully disagrees. Based on the clarification above, any 
suppression of communications between computers 18 and terminals 16 would be considered as 
suppressing diagnostic data. Alsberg teaches that the detection means is a means to block the transfer 
of certain data identified by the command filter so that such identified data is not transferred from terminal 
to computer or computer to terminal. Examiner believes blocking this data is analogous to suppressing it 
from being captured. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 
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(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-19 are rejected under 35 U.S.C. 102(b) as being anticipated by Alsberg, US 
Patent No. 4,672,572. 

As per claims 1 and 11, Alsberg teaches: 

A processor operable in a plurality of modes, and a plurality of domains, said plurality of domains 

comprising a first domain and a second domain, the processor comprising: 

[see column 2, lines 46-49] "The invention can be briefly described as a protector device for 
enhancing the security of a computer system which includes one or more user terminals and one 
or more host computers." 

monitoring logic operable to monitor said processor and capture diagnostic data; 

[see column 2, lines 46-53] "The protector device includes a detection means for monitoring 
communications between terminals and host computers wherein the detection means is 
independent from the host computer and the terminals. " 

a storage element operable to contain at least one control parameter; 

[see column 4 Jines 7-9] "The security server also includes means for checking the identification 
of users of the terminals through a password-type procedure." 

control logic operable to control said monitoring logic in dependence on said at least one control 

parameter and the domain in which said processor is operating, to suppress capturing of diagnostic data 

relating to predetermined activities of said processor in said first domain. 

[see column 4, lines 10-12] "The security server provides an access-level means for limiting 
identified users to predetermined access to certain computer ports." 

[see column 3, lines 11-18] "the detection means includes an audit trail means for storing data 
segments recorded by the audit recording means when the audit capture signal is generated. 
Also included in the detection means is a means to block the transfer of certain data identified by 
the command filter so that such identified data is not transferred from terminal to computer or 
computer to terminal. 



As per claims 2 and 12, Alsberg teaches: 

A processor according to claim 1 , wherein the first domain is a secure domain and the second domain is 
a non-secure domain, said processor being operable such that when executing a program in a secure 
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mode within said secure domain said program has access to secure data which is not accessible when 

said processor is operating in a non-secure mode within said non-secure domain. 

[see column 6, lines 67-68 and column 7, lines 1-4] "In addition to monitoring and controlling user 
activities, the security server also supports administrator activities, by means of an 
administrator monitor 71. Administrator activities include reading and changing the security 
database 58, analyzing the audit-trail storage 70, and monitoring current system status and 
controlling system activity. 



As per claims 3 and 1 3, Alsberg teaches: 

A processor according to claim 1 , wherein the at least one control parameter provides an indication of 

said domain of operation of the processor, said control logic being operable to suppress capturing of 

diagnostic data when said processor switches from second to first domain. 

[see column 8, lines 64-68] "In some instances it may be desirable to create more than one 
connection at a time, although a user will generally be limited to using only one connection at a 
time in most embodiments. This may be desirable in instances where a user may be switching 
back and forth from one connection to another during a single login session. 

Connections are created using login and password as taught in the rejection of claim 1 above. 



As per claims 4 and 14, Alsberg teaches: 

A processor according to claim 1 , wherein said at least one control parameter identifies an application,' 
said control logic being operable to suppress capturing of diagnostic data when said processor switches 
from an identified application in said first domain to an application in said first domain not identified by 
said at least one control parameter. 

[see column 2, lines 31-38] "It is another object of the subject invention to provide a security 
device which provides multilevel access control for each particular user to various computers, 
operating systems, or function programs available in a computer system, whereby the security 
device automatically connects the user to the particular computer, operating system, or function 
program to which the user desires access. " 

[see column 8, lines 24-26] "It should be recognized that other alternative sen/ices could be 
provided, depending on a particular application." 



As per claims 5 and 15, Alsberg teaches: 

A processor according to claim 1, wherein said first domain comprises a plurality of modes and said at 
least one control parameter identifies a particular mode within said first domain, said control logic being 
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operable to suppress capturing of diagnostic data when said processor switches between an identified 
mode within said first domain and a mode within said first domain not identified by said at least one 
control parameter. 

[see column 6, lines 50-56] "the occurrence of an audit capture command will cause the access 
node to transfer audit information to the audit trail module 66 via communications media between 
the access node and security server. In this embodiment, the access node would be responsible 
for blocking or modifying certain information identified by the command filter. " 

As per claims 6 and 16, Alsberg teaches: 

A processor according to claim 5, wherein said plurality of modes in said first domain comprise a user 
mode and a privileged mode. 

[see rejection of claim 2, "User and Administrator"] 
As per claims 7 and 17, Alsberg teaches: 

A processor according to claim 1, wherein said control logic is operable to control said monitoring logic to 

resume capturing of diagnostic data when said processor switches back from said predetermined activity 

to an activity for which capturing of diagnostic data is not suppressed. 

[see column 9, lines 2-5] "In the event that a user wishes to resume previously suspended 
connection, he chooses a "resume-connection command" from the list of available services." 

As per claims 8 and 18, Alsberg teaches: 

A processor according to claim 1 , wherein said monitoring logic comprises logic operable to perform a 
debug function. 

[see figure 5, element 74, "audit trail analysis"] Examiner interprets the functions of an audit trail 
analysis in the Alsberg Patent to be the same as that of a debug function. 

As per claims 9 and 19, Alsberg teaches: 

A processor according to claim 1, wherein said monitoring logic comprises logic operable to perform a 
trace function. 
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[see figure 5, element 66, "audit trail recording"] Examiner interprets the functions of audit trail 
recording in the Alsberg Patent to be the same as that of a trace function. 

As per claim 10, Alsberg teaches: 

A processor according to claim 1, wherein said control logic suppresses capture of said diagnostic data 

by removing power input to the monitoring logic. 

[see column 10, lines 67-68 and column 11, lines 1-4] "Another type of command selection that 
the administrator typically has available includes system control commands. System-control 
commands are exemplified by the ability to force a user off the system, shut the system down, 
and send messages to all users on the system." 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth 
in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the mailing date of this final action. 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
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Alexandria, VA 22314 



*. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally 
be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 





Daniel L. Hoang 
8/02/07 




